Blog

I’m a huge fan of the Pushover Simple Notification Service for receiving critical alerts about the servers for which I am responsible. It’s beautifully simple — in short, it takes the ‘walled garden’ of Google or Apple’s push notification system and extends it, so that you can push any text notification you want through their API, and it’ll get to your phone.

In this post, I will share how I get critical alerts from a Microsoft System Center Operations Manager instance to Pushover.

As I move closer to the significant milestone of one decade of having this personal blog, I felt that it was time for a significant overhaul of the look and feel of this site, as well as some of its non-blog post content.

Enter the 5.0 release!

Responsive and Refined…

Rather than evolving the existing stylesheet and making changes, I actually started over, using a new SASS-based CSS workflow. If you look really hard, you will see bits and pieces of the old CSS hanging around that I have migrated forward for the moment. In the fullness of time, though, any of the old code should be gone!

The result is a site that is truly responsive — it is designed for small screens first, then scales up to larger displays, rather than having a full-size-only layout and removing content for display on smaller screens. I did have a retro-fitted responsive system before, but this approach is much cleaner and delivers a more consistent result.

A Font First!

Adding to the use of Colaborate for headings from my last design refresh, this design actually débuts my first experiment with editing fonts.

Thanks to the GPLv3 licensing terms of Colaborate, I was able to take it into TypeTool, and tone down its rather characterful lowercase ‘t’ for use as body text. The result is a custom font that, while it has its imperfections with kerning and missing ligatures, is an exciting first experiment for me — putting my interest in type design to some practical use. I hope I will look back upon this first experiment with embarrassment later on when I have learned so much more, but for the moment it is very gratifying to have something to say “I did this” about!

A More Modern Portfolio

The content on my Portfolio page had definitely aged, and was long overdue an overhaul. It now focuses on four main areas — Devops and Automation, Systems Administration, Web Development and Software Development.

More to Come!

As mentioned, this is a big change, but that doesn’t mean I am done! There are various other places where older content and design still might be evident, and I hope to get to more in the coming weeks.

I am always interested to know where the products I buy come from, and at this particularly consumer-focused time of the year, it highlights the issue further. It is interesting to me just how complex the chains of dependencies involved in making any non-trivial ‘thing’ really are.

The computer I am writing this on was assembled in the UK, but I would suggest that most, or all, of its components were not. What about the suppliers who provided sub-components for those components? What about the raw materials, including the traces of rare earth minerals needed to do its electronic magic?

Unfortunately, the result of this enormous complexity, and the fact that the retailers from which we buy care about little but the price they pay, means it is very difficult to verify really important aspects of how the goods we consume were made. It seems that nobody, not even the retailers at this end of the chain, has the depth of insight into their supply chain needed to affirmatively say “this is how our product was made”.

So, when cost is the primary concern, and nobody really digs deep to understand what is happening at each stage of a product’s life, how can consumers at this side of the transaction be empowered to make more ethical choices?

If I go to my local big-name supermarket to buy a kettle, for example, I cannot look at all the options and make an assessment about which product was made in a way that best aligns with my values. Did the manufacture of the cheapest £5 kettle involve the exploitation of somebody? Probably. Is the £30 ‘luxury’ choice any better? We just don’t know.

There are pockets of hope in this area — initiatives like Fairtrade have, for some product categories, encouraged supermarkets to go ‘all Fairtrade’ for particular items, and for other companies (tea and coffee businesses being a good example) to take steps to at least appear to be sourcing more ethically.

I just wish there were a big push from somewhere to gather accurate intelligence about how our stuff is made, and begin labelling more products in a way that empowers consumers to make better choices. I think there is a good portion of the population who want to make better choices that support human rights, environmental protection and social progress, but without high quality, verifiable information about what goes into what we consume, we are in the dark. While we remain uninformed, we cannot exert pressure on the market to do better as a whole.

I recently completed a physical migration of my server, the one that hosts this very page! It all went successfully, and without any noticeable downtime for this site, which I am pleased to be able to do.

There was, however, a period of time during which this server needed to be physically switched off and moved to the new location. To enable zero downtime, something would need to be able to host the site during that period.

Enter my Raspberry Pi!

This amazing little thing is capable of running Raspbian, a modified version of Debian, which means I get access to the rich library of Debian packages that are available. I have a private Git repository containing a modular set of Puppet manifests. These describe the exact configuration of this server, so by applying the Puppet manifests, I can spin up a new instance of this particular server’s configuration on a whim.

So, I dusted off an SD card that was lying around, dropped Raspbian on it, and installed Puppet and Git and applied the manifests.

If I’m honest, there were a few components that weren’t quite so happy to run, despite packages being available. Varnish didn’t seem to like my VCL file, so I had to run the site here directly with Nginx pointing to PHP-FPM instead.

To cut a long story short, it worked! I was successfully serving up this site, from the Pi, using (almost) my existing configuration. Performance was not stellar, even compared to the modest hardware that normally serves this page, with page load times about 10 times slower than uncached page loads normally would be. The main blog page did take 1.5 seconds to render! For the short time I needed it though, I was very happy to have a very inexpensive and easy solution.

I’ve been fortunate this week to have a little time to work on Total Slider, my (and Van Patten Media’s) open source WordPress plugin for making those neat little slideshow things.

I have been meaning to get to this project again for a while, so it is great to get a moment or two to give it the love and attention it deserves.

My focus thus far has been on a complete overhaul of Total Slider’s data storage format — moving away from wp_option records and towards a custom post type.

This change is not only the right thing to do to clean things up and follow best practices, but it opens doors to other neat features that will make Total Slider feel like it fits into the WordPress Way even more. Without making undeliverable promises, I’d love to see automatic saving of slide drafts make it into 2.0!

One of the things I have found that is pleasing is that much of the code I have already written is sufficiently abstracted that ripping out the fundamentals of the data format has been a lot less painful than it could have been!

It is nice as well to use this blog for one of its original purposes, to give updates on the projects I am working on.

Apparently, no vulnerability these days is complete without a catchy name and logo — see Heartbleed and Shellshock! Joking aside, though, the very fact that these vulnerabilities are making non-tech news headlines puts pressure on everyone running potentially vulnerable systems to do their duty — usually as straightforward as running a pre-packaged security update.

The Heartbleed and Shellshock stories are taking the place of what we used to see reserved for particularly influential computer worms, like Sasser and Mydoom. It’s most definitely positive that some vulnerabilities are getting attention — unfortunately it is still the case that for some companies and system administrators, only outside pressure will convince them to promptly, diligently and consistently apply security updates.

What I’d like to see is some way for people interested in improving computer security, the “good guys” for lack of a better term, to leverage this media interest to send a message to system administrators that it’s always necessary to apply software updates promptly, even when they don’t get on the TV news!

The Curse of The Black Box

The other key issue that Shellshock highlights, as did Heartbleed, is the issue of embedded ‘black box’ systems that might be vulnerable. This kind of system is everywhere — and because in many cases they are ‘set it and forget it’ machines, they represent a particular risk. It’s often very difficult to convince vendors of these systems of the importance of pushing upstream software updates down to end users, particularly when there is a lack of understanding and a lack of financial incentive.

Something big and mainstream, like Shellshock and Heartbleed, might convince system administrators to badger vendors to release patches for this kind of product, but we need to extend this further, and make it a social (or even a legal) expectation on vendors to supply security updates for any product they ship, for a reasonable lifetime period for that product.

The security landscape is too complex, and everything too interconnected, for anyone to have the opinion that “I don’t need to patch that, because there’s nothing important on it”.

Leaving Yourself in the Loop

I want to part with a few bullet points, with some actions I try to take to stay up-to-date. Automatic updates are increasingly common, but not universal, and these simple things can help you not miss a known vulnerability.

- Document and understand the whole software footprint of the systems for which you are responsible. (This means embedded systems, software libraries, and more!)

- Subscribe to announce mailing lists, follow Twitter accounts of the software projects and systems you use. (It pays to be in the know about available updates, and not hear about them after it is too late!)

Back in my earlier Linux days, I would experiment and fiddle a lot with different setups for desktop environments and appearance, customising my Linux system to my heart’s content! An example: I loved the 3D desktop effects of Xgl/Compiz back in 2006.

Time moved on, and I ended up settling with the defaults that distributions provided. I liked Ubuntu’s direction with Unity, upon its release in 2011.

So, I moved over to Debian for my personal server and my Linux desktop systems, and I have been very happy with it. At the same time, though, I wanted to get back to my previous spirit of playing around with different bits of software instead of just going with the defaults and surrendering to a full-size desktop environment. Frankly, the way I use Linux means I don’t find an overwhelming need for a wide variety of graphical applications.

With that in mind, I have set up a very unusual, and minimalist, desktop experience, which I thought I would document a little here for those that might be interested.

I continue to really enjoy the iPhone 5s camera — it may not have a mind-boggling megapixel count, but it seems to do an amazing job with its autofocus and in particular, it seems to capture the light in a balanced way.

I have been inspired once again to fire up my screencasting rig, to show you how to install PHP 5.5 on CentOS 6 using Rackspace’s IUS Community Repositories.

More and more web applications now are likely to require versions of PHP beyond 5.3. CentOS 6 users are stuck with 5.3, with backported security updates, unless they diverge from standard repositories or compile PHP themselves! Until CentOS 7 is with us, those of us trying to run a rock-solid web server on CentOS will be left out in the cold running recent web applications like Moodle 2.7 which require a newer PHP.

In this video, I show you how to use the IUS repositories to get PHP 5.5 running. These repositories, with their Rackspace backing, seem likely to be nice and stable going forward.